RastorMosaic
2018-06-14, 17:44
Hello and thank you in advance. My computer has started acting strange. When I open a folder, all folders inside are highlighted (not a biggie, but not usual). Many programs are slowing down to open. System Restore is "there" but does nothing when you click the button, like it's 'dead'. I've cleaned, defragged, you know, general upkeep, cleanup. Seemed to make it worse. I backed up my registry. It said that two entries failed. I don't know if you need any of that. Spybot logs run clean. So, here are the logs...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Owner (administrator) on OWNER-PC446 (14-06-2018 09:11:57)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & Yodi & CompAdmin (Available Profiles: Owner & Yodi & CompAdmin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe
(f.lux Software LLC) C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Owner\Documents\Programs\Security\windows 10 stuff\GWX_control_panel.exe [4596296 2017-01-31] (UltimateOutsider)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Run: [f.lux] => C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe [1682936 2018-01-17] (f.lux Software LLC)
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {0a8a8fdb-9b75-11e5-b600-8dcc0ab31f22} - D:\Run.exe
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {4dda4dd6-4b1d-11e8-b019-fcaa14e2776d} - J:\Start.exe
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {fa077db1-b565-11e5-9080-fcaa14e2776d} - J:\LG_PC_Programs.exe
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\softwareupdate.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\startupdo.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk.disabled [2018-01-01]
ShortcutTarget: Avast Cleanup Premium.lnk.disabled -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 192.168.1.1
Tcpip\..\Interfaces\{79461EA5-6AF5-4F5B-9C66-6A3724E731E4}: [DhcpNameServer] 192.168.2.254 192.168.1.1
Tcpip\..\Interfaces\{FD6C0BDB-71C1-4531-9144-D395A21AC314}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-17] (AVAST Software)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-18] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
FireFox:
========
FF DefaultProfile: siueqfw7.default-1482705022050-1527525206204
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\siueqfw7.default-1482705022050-1527525206204 [2018-06-14]
FF Session Restore: Mozilla\Firefox\Profiles\siueqfw7.default-1482705022050-1527525206204 -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-16] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1769359704-1337508281-3947573860-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-10-03] (Zoom Video Communications, Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxps://m.uscellular.com/uscellular/app/login/authenticate/
CHR StartupUrls: Default -> "hxxps://m.uscellular.com/uscellular/app/login/authenticate/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-06-12]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-18]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-18]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-18]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-18]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-11]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-23]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-20]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-17] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-13] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [428984 2018-05-17] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-13] (AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8633072 2018-06-11] (AVAST Software)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Microsoft)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-08] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-08] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-08] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-08] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-17] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-07-04] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [640248 2018-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-17] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-17] (AVAST Software)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-14 09:11 - 2018-06-14 09:12 - 000015608 _____ C:\Users\Owner\Desktop\FRST.txt
2018-06-14 09:10 - 2018-06-14 09:11 - 000000000 ____D C:\FRST
2018-06-14 09:10 - 2018-06-14 09:10 - 002413056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2018-06-14 08:58 - 2018-06-14 08:58 - 000000207 _____ C:\Windows\tweaking.com-regbackup-OWNER-PC446-Windows-7-Professional-(64-bit).dat
2018-06-14 08:58 - 2018-06-14 08:58 - 000000000 ____D C:\RegBackup
2018-06-14 08:56 - 2018-06-14 08:56 - 000002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-06-14 08:56 - 2018-06-14 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-06-14 08:56 - 2018-06-14 08:56 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-06-14 08:55 - 2018-06-14 08:56 - 000018258 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2018-06-14 08:53 - 2018-06-14 08:53 - 005766144 _____ (Tweaking.com) C:\Users\Owner\Desktop\tweaking.com_registry_backup_setup.exe
2018-06-13 04:43 - 2018-06-13 04:43 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-06-13 04:41 - 2018-06-13 04:41 - 000003374 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2018-06-13 04:41 - 2018-06-13 04:41 - 000003246 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2018-06-13 04:41 - 2018-06-13 04:41 - 000000000 ____D C:\Users\Owner\AppData\Local\AVAST Software
2018-06-08 14:44 - 2018-06-08 14:44 - 000890704 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-02 19:43 - 2018-06-02 19:44 - 013066610 _____ C:\Users\Owner\Desktop\Herbaria Vol8#2.pdf
2018-05-28 11:31 - 2018-06-08 14:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-28 11:31 - 2018-05-28 11:31 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-23 01:29 - 2018-06-13 04:48 - 000002045 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-05-23 01:29 - 2018-05-23 01:29 - 000000000 ____D C:\Users\Owner\AppData\Local\FluxSoftware
2018-05-22 11:25 - 2018-06-14 08:37 - 000000000 ____D C:\Users\Owner\Desktop\Old Firefox Data
2018-05-19 15:26 - 2018-05-19 15:27 - 000000000 ____D C:\Users\Owner\Documents\Receipts
2018-05-19 12:11 - 2018-05-19 12:11 - 000000000 ____D C:\Users\Owner\AppData\Local\ESET
2018-05-19 12:09 - 2018-05-19 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-18 20:01 - 2018-05-18 20:01 - 000000000 ____D C:\Users\CompAdmin\AppData\Local\Google
2018-05-18 14:35 - 2018-05-17 22:12 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-14 09:07 - 2016-11-16 10:09 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2018-06-14 08:34 - 2017-10-09 13:55 - 000000300 _____ C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2018-06-13 16:52 - 2016-10-17 15:20 - 000000000 ____D C:\Users\Owner\Documents\Laughingbird Documents
2018-06-13 16:31 - 2016-02-12 14:45 - 000000000 ____D C:\Users\Owner\AppData\Roaming\CoreFTP
2018-06-13 10:19 - 2015-12-13 21:18 - 000000000 ____D C:\RFD
2018-06-13 04:49 - 2009-07-13 23:45 - 000031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-13 04:49 - 2009-07-13 23:45 - 000031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-13 04:48 - 2017-03-17 14:31 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-06-13 04:48 - 2015-12-05 14:37 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-13 04:46 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-13 04:46 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-06-13 04:41 - 2018-01-01 18:36 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-06-13 04:40 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-13 04:39 - 2015-12-05 13:23 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-12 14:00 - 2018-01-18 18:39 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-12 14:00 - 2018-01-18 18:39 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-09 08:37 - 2015-12-07 20:57 - 000000000 ____D C:\Users\Owner\Documents\Gardening
2018-06-09 07:26 - 2017-01-15 01:49 - 000000000 ____D C:\Users\Owner\Documents\Memes
2018-06-08 17:50 - 2015-12-07 21:02 - 000000000 ____D C:\Users\Owner\Documents\Personal
2018-06-08 17:45 - 2018-01-01 18:37 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update
2018-06-08 17:45 - 2017-10-25 21:24 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-08 14:44 - 2016-12-02 12:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-06-08 14:44 - 2014-07-18 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-08 14:42 - 2015-12-12 13:37 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-06-07 17:39 - 2017-11-15 01:27 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-06 19:50 - 2015-12-07 21:35 - 000000000 ____D C:\Users\Owner\Documents\Quotes
2018-06-02 17:45 - 2015-12-05 13:14 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-30 03:00 - 2014-07-18 12:55 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-05-23 17:00 - 2015-12-05 14:36 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-21 12:13 - 2015-12-07 20:59 - 000000000 ____D C:\Users\Owner\Documents\Herbs
2018-05-19 12:09 - 2018-03-20 20:20 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-18 23:31 - 2016-09-23 14:53 - 000000000 ____D C:\Users\Owner\Documents\1AWebsites
2018-05-18 20:05 - 2017-01-14 00:58 - 000000000 ____D C:\Users\CompAdmin\AppData\LocalLow\Mozilla
2018-05-18 20:03 - 2015-12-13 19:19 - 000000000 ____D C:\Users\CompAdmin\AppData\Roaming\Mozilla
2018-05-18 20:01 - 2017-01-14 00:57 - 000000000 ____D C:\Users\CompAdmin\AppData\Roaming\Apple Computer
2018-05-18 18:19 - 2017-09-11 18:10 - 000251032 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-18 14:36 - 2015-12-24 23:46 - 000001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2018-05-18 14:19 - 2015-12-07 20:57 - 000000000 ____D C:\Users\Owner\Documents\graphics
2018-05-18 14:08 - 2015-12-05 14:35 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-05-18 14:08 - 2014-07-18 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-18 14:07 - 2014-11-12 19:36 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-18 09:45 - 2015-12-12 13:35 - 000003498 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2018-05-17 22:12 - 2017-11-09 18:12 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-17 22:11 - 2016-02-09 17:16 - 000640248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2018-05-17 22:11 - 2015-12-05 14:37 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-17 14:53 - 2018-01-18 18:38 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 14:53 - 2018-01-18 18:38 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-15 08:11 - 2015-12-12 13:21 - 000000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
==================== Files in the root of some directories =======
2017-04-04 08:37 - 2017-04-04 08:37 - 000003932 _____ () C:\Users\Owner\NewFolder.reg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-07 00:22
==================== End of FRST.txt ============================
This is the Addition that came with FRST.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Owner (14-06-2018 09:12:29)
Running from C:\Users\Owner\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-07-18 17:41:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1769359704-1337508281-3947573860-500 - Administrator - Disabled)
CompAdmin (S-1-5-21-1769359704-1337508281-3947573860-1002 - Administrator - Enabled) => C:\Users\CompAdmin
Guest (S-1-5-21-1769359704-1337508281-3947573860-501 - Limited - Disabled)
Owner (S-1-5-21-1769359704-1337508281-3947573860-1000 - Administrator - Enabled) => C:\Users\Owner
Yodi (S-1-5-21-1769359704-1337508281-3947573860-1001 - Limited - Enabled) => C:\Users\Yodi
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AI RoboForm (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\AI RoboForm) (Version: - )
Amazon Kindle (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.4888 - AVAST Software)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 66.2.567.182 - AVAST Software)
BeCyPDFMetaEdit (HKLM-x32\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12212.0 - Cisco Consumer Products LLC)
Colour Spy 1.5 (HKLM-x32\...\Colour Spy_is1) (Version: - SilverAge Software, Inc.)
Core FTP Pro (HKLM-x32\...\CoreFTP) (Version: - )
Core FTP Pro (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
Corel PaintShop Pro X4 (HKLM-x32\...\{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}) (Version: 14.3.0.3 - Corel Corporation) Hidden
doPDF (HKLM\...\{F64C7477-8040-4993-9554-EC22AE7FA2C0}) (Version: 8.9.951 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{3e04b5b8-dfc4-4bb3-99a1-a57ad01e1d55}) (Version: 8.9.951 - Softland)
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
f.lux (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Flux) (Version: - f.lux Software LLC)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
ICA (HKLM-x32\...\{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IPM_PSP_COM (HKLM-x32\...\{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}) (Version: 14.0.0.332 - Corel Corporation) Hidden
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{9F60F614-829C-4DE0-8671-C977529A0CAE}) (Version: 8.9.951 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{C5275556-5365-45C5-9586-1F6D56CD4BB4}) (Version: 8.9.951 - Softland)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
PSPPContent (HKLM-x32\...\{006CAAEF-CA96-4181-AC22-FE56D61432E4}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{00D74A7A-F7AD-4D00-ABD2-0973836292C7}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{0015DE8E-8D9F-403E-8E5A-4098410E6125}) (Version: 14.0.0.332 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Setup (HKLM-x32\...\{00D13418-7DDF-4D3D-A237-E297B103BB6B}) (Version: 14.0.0.332 - Corel Corporation) Hidden
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stellarium 0.11.2 (HKLM-x32\...\Stellarium_is1) (Version: - )
SwordSearcher 4.1 Deluxe (HKLM-x32\...\{446E6F82-8899-447D-86EB-2399F453C858}) (Version: 4.1.1001 - Brandon Staggs)
The Character Creator Add On Pak v4 (HKLM-x32\...\The Character Creator Add On Pak) (Version: v4 - Laughingbird Software)
The Logo Creator v5 (HKLM-x32\...\The Logo Creator v5) (Version: - )
The Web Graphics Creator v3 (HKLM-x32\...\The Web Graphics Creator v3) (Version: - )
TimePassages (HKLM\...\{86498CF1-A12E-4132-9DC2-6093F7427C44}) (Version: 6.0.6 - AstroGraph Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Zoom (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
ContextMenuHandlers2: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01DBCFCB-F230-4907-9D83-6AA9D35AC519} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {04E949FE-CD0F-42AB-A092-76D7F41B2CC0} - System32\Tasks\{F476F115-DA88-4842-BF3C-FA5C0011125C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Chami\HTML-Kit\Plugins\hkSetupPlus.exe" -d C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yxf5nr0r.default-1449534959428 -c /hkpreg
Task: {05378750-80D6-4A76-AB25-26F2A98E6336} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2017-08-16] ()
Task: {0A24C88E-1494-4220-B6BF-F989D7F7A650} - System32\Tasks\Go to RoboForm Install page => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJIMKJNMKMGMGMJMCNMMGMPMGMCNLMHMKJIMCNHMHMKMPMCNHMKJLMKMOJMJJMOJKMJJLMJMJNJICMJMCNGMCNHMHMFMGMCNOMOMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMALIIBJKJNIJNKJCMJNNICMJNDJCMKJBJ"
Task: {129535C6-9C98-470A-9221-9EDD51FA8482} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-06-11] (AVAST Software)
Task: {29EAE298-6871-465F-BFCF-31EC6AFC560A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4B8D0910-1505-4952-B0E6-7A984E3A14DE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-12-12] (Siber Systems)
Task: {4BCF080B-A1F2-460F-BB01-3751162A0FD6} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13] (AVAST Software)
Task: {5DC58CD3-2FEE-46A7-ADA7-AA6A349CD151} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {7C0341C5-E113-43B2-93BE-A77A3DE0F6A0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-08] (AVAST Software)
Task: {84A9A09A-8B83-4C32-9684-36C80A1AA5A6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-17] (AVAST Software)
Task: {8824D666-AA70-4FB0-8F95-11B66BB6D2B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {8C06F927-2B3E-4908-9749-BF520540A0E6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13] (AVAST Software)
Task: {A4F5C9D2-BF30-4157-B6A0-6FBF6969080D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
Task: {AE01A8DE-72F8-45F7-AE17-A5A1EEA36026} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
Task: {BFD5EBCB-C035-4B7B-8F6F-616F3C2EB7EA} - System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2009-01-26] (Safer Networking Limited)
Task: {CB9F60F3-21A7-4141-A9E9-753F7055C958} - System32\Tasks\{690B8524-1E2C-49C0-AFAE-16359EF3485A} => C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Documents\Products\LaughingBirdSoftware\LogoCreatorV3\WGC1_v3_Setup\WGC1_v3_Setup.exe -d C:\Users\Owner\Documents\Products\LaughingBirdSoftware\LogoCreatorV3\WGC1_v3_Setup
Task: {D2858E49-7CB5-481B-990C-7B9DD362EE80} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D6AB093D-C146-4371-8180-A6FC1D65EADF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-18] (Google Inc.)
Task: {DBECF677-CDAC-4BEF-A26F-D7DC51583562} - System32\Tasks\{6F2BD83F-63BD-4FFD-9FC4-D2227EB8B811} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Task: {E5662D04-B3B9-412D-8547-FEA3B6CFB4B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-16] (Adobe Systems Incorporated)
Task: {F3CCE017-D338-4F4A-8923-58A2FE611EA1} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26] (Safer Networking Limited)
Task: {F41ECE15-265F-41FC-A8E9-8E69005CDEA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F7B83AE3-847D-4395-9809-37E50BC90CA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-18] (Google Inc.)
Task: {F8F9CE67-FCD4-4546-A0AD-5248356577FD} - System32\Tasks\{D5FE86F6-DD5B-4899-B7F6-347BD231CBC8} => C:\Windows\system32\pcalua.exe -a E:\AutoRunPro.exe -d E:\
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-12-05 13:23 - 2015-10-13 12:26 - 000125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-08 08:04 - 2018-04-08 08:04 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-04-08 08:04 - 2018-04-08 08:04 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-17 22:12 - 2018-05-17 22:12 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-13 08:44 - 2018-06-13 08:44 - 005839504 _____ () C:\Program Files\AVAST Software\Avast\defs\18061302\algo.dll
2018-03-08 18:48 - 2018-03-08 18:48 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7937 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2018-06-14 08:34 - 000454428 ____R C:\Windows\system32\Drivers\etc\hosts
There are 15598 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Yodi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\CompAdmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.254 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6614473A-4294-47B0-9E72-E30BC34B467C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A1E5153-E4CF-46CD-9514-8A5F89735CE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EECDD92A-BE36-4220-A350-1D13AF53A5B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AF2E9FF9-9E55-4FA3-8B6F-B77B18E779D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{454C2350-8C8F-46ED-A3EA-4B88A6C42634}] => (Allow) LPort=8501
FirewallRules: [{E9A238A4-E297-4272-8326-EB9D7574919F}] => (Allow) LPort=8501
FirewallRules: [{97C5FF8C-C541-4A34-B589-DDD1C14F1A54}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{BA9C0542-3115-4648-96A2-80E4989FAF77}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{5CBBF24A-C064-4A46-8D63-0A80FAF758E4}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{E861EFF1-A1F3-4885-8061-308C3177226F}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{D89E41BA-4CF3-41C1-B91D-E2964BC46496}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{784F969B-3BC5-469C-84D3-E7356BDEA5D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9ED137DB-1637-4448-9E49-D706B894BD28}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{843BEACA-E1A2-4941-96D3-DEE5F8E23150}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{112AA840-F81D-463E-AD20-F79EDFBA3BE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E281E9EE-F72C-4BA2-90A0-7C5A2571B6E6}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
==================== Restore Points =========================
28-05-2018 00:00:02 Scheduled Checkpoint
04-06-2018 00:00:04 Scheduled Checkpoint
11-06-2018 00:18:08 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/14/2018 08:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 07:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 06:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 05:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 04:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 03:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 02:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 01:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
System errors:
=============
Error: (06/13/2018 04:40:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger
Error: (06/13/2018 04:39:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:36:30 AM on 6/13/2018 was unexpected.
Error: (06/08/2018 05:36:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger
Error: (06/08/2018 05:35:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:34:26 PM on 6/8/2018 was unexpected.
Error: (06/08/2018 02:44:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger
Error: (06/08/2018 02:43:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
Error: (06/07/2018 05:45:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/07/2018 05:40:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
CodeIntegrity:
===================================
Date: 2018-06-05 22:18:22.740
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-05 22:18:22.581
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-05 22:18:22.423
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-05 22:18:22.248
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:30.322
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:30.176
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:30.029
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:29.881
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 32%
Total physical RAM: 8158.67 MB
Available physical RAM: 5533.5 MB
Total Virtual: 16315.52 MB
Available Virtual: 13537.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1862.92 GB) (Free:1544.76 GB) NTFS
Drive d: () (Fixed) (Total:596.17 GB) (Free:365.06 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{d8f78e62-0eb1-11e4-95a2-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5409BCEB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2018-06-14 09:16:12
-----------------------------
09:16:12.109 OS Version: Windows x64 6.1.7601 Service Pack 1
09:16:12.109 Number of processors: 6 586 0x200
09:16:12.124 ComputerName: OWNER-PC446 UserName: Owner
09:16:13.731 Initialize success
09:16:13.762 VM: initialized successfully
09:16:13.762 VM: Amd CPU supported virtualized
09:16:21.874 AVAST engine defs: 18061302
09:16:43.980 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
09:16:43.980 Disk 0 Vendor: WDC_WD20 01.0 Size: 1907729MB BusType: 11
09:16:43.980 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
09:16:43.980 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 11
09:16:44.089 Disk 0 MBR read successfully
09:16:44.104 Disk 0 MBR scan
09:16:44.120 Disk 0 Windows 7 default MBR code
09:16:44.136 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:16:44.151 Disk 0 default boot code
09:16:44.151 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907626 MB offset 206848
09:16:44.151 Disk 0 scanning C:\Windows\system32\drivers
09:16:54.135 Service scanning
09:17:07.582 Modules scanning
09:17:07.582 Disk 0 trace - called modules:
09:17:07.614 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
09:17:07.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e93060]
09:17:07.614 3 CLASSPNP.SYS[fffff880019a243f] -> nt!IofCallDriver -> [0xfffffa8006e29ac0]
09:17:07.629 5 amd_xata.sys[fffff88001139d00] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8006e078b0]
09:17:09.174 AVAST engine scan C:\Windows
09:17:11.763 AVAST engine scan C:\Windows\system32
09:18:52.248 AVAST engine scan C:\Windows\system32\drivers
09:19:01.845 AVAST engine scan C:\Users\Owner
09:35:19.225 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
09:35:19.225 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Owner (administrator) on OWNER-PC446 (14-06-2018 09:11:57)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & Yodi & CompAdmin (Available Profiles: Owner & Yodi & CompAdmin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe
(f.lux Software LLC) C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Owner\Documents\Programs\Security\windows 10 stuff\GWX_control_panel.exe [4596296 2017-01-31] (UltimateOutsider)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Run: [f.lux] => C:\Users\Owner\AppData\Local\FluxSoftware\Flux\flux.exe [1682936 2018-01-17] (f.lux Software LLC)
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {0a8a8fdb-9b75-11e5-b600-8dcc0ab31f22} - D:\Run.exe
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {4dda4dd6-4b1d-11e8-b019-fcaa14e2776d} - J:\Start.exe
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\MountPoints2: {fa077db1-b565-11e5-9080-fcaa14e2776d} - J:\LG_PC_Programs.exe
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\softwareupdate.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\startupdo.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk.disabled [2018-01-01]
ShortcutTarget: Avast Cleanup Premium.lnk.disabled -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 192.168.1.1
Tcpip\..\Interfaces\{79461EA5-6AF5-4F5B-9C66-6A3724E731E4}: [DhcpNameServer] 192.168.2.254 192.168.1.1
Tcpip\..\Interfaces\{FD6C0BDB-71C1-4531-9144-D395A21AC314}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-17] (AVAST Software)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-18] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
FireFox:
========
FF DefaultProfile: siueqfw7.default-1482705022050-1527525206204
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\siueqfw7.default-1482705022050-1527525206204 [2018-06-14]
FF Session Restore: Mozilla\Firefox\Profiles\siueqfw7.default-1482705022050-1527525206204 -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-16] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1769359704-1337508281-3947573860-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Owner\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-10-03] (Zoom Video Communications, Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxps://m.uscellular.com/uscellular/app/login/authenticate/
CHR StartupUrls: Default -> "hxxps://m.uscellular.com/uscellular/app/login/authenticate/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2018-06-12]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-18]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-18]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-18]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-18]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-11]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-23]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-20]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-17] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-13] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [428984 2018-05-17] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-13] (AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8633072 2018-06-11] (AVAST Software)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S4 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Microsoft)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-08] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-03-08] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-03-08] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-03-08] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-17] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-07-04] (AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [640248 2018-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-17] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-17] (AVAST Software)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-14 09:11 - 2018-06-14 09:12 - 000015608 _____ C:\Users\Owner\Desktop\FRST.txt
2018-06-14 09:10 - 2018-06-14 09:11 - 000000000 ____D C:\FRST
2018-06-14 09:10 - 2018-06-14 09:10 - 002413056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2018-06-14 08:58 - 2018-06-14 08:58 - 000000207 _____ C:\Windows\tweaking.com-regbackup-OWNER-PC446-Windows-7-Professional-(64-bit).dat
2018-06-14 08:58 - 2018-06-14 08:58 - 000000000 ____D C:\RegBackup
2018-06-14 08:56 - 2018-06-14 08:56 - 000002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-06-14 08:56 - 2018-06-14 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-06-14 08:56 - 2018-06-14 08:56 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-06-14 08:55 - 2018-06-14 08:56 - 000018258 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2018-06-14 08:53 - 2018-06-14 08:53 - 005766144 _____ (Tweaking.com) C:\Users\Owner\Desktop\tweaking.com_registry_backup_setup.exe
2018-06-13 04:43 - 2018-06-13 04:43 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-06-13 04:41 - 2018-06-13 04:41 - 000003374 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2018-06-13 04:41 - 2018-06-13 04:41 - 000003246 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2018-06-13 04:41 - 2018-06-13 04:41 - 000000000 ____D C:\Users\Owner\AppData\Local\AVAST Software
2018-06-08 14:44 - 2018-06-08 14:44 - 000890704 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-02 19:43 - 2018-06-02 19:44 - 013066610 _____ C:\Users\Owner\Desktop\Herbaria Vol8#2.pdf
2018-05-28 11:31 - 2018-06-08 14:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-28 11:31 - 2018-05-28 11:31 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-23 01:29 - 2018-06-13 04:48 - 000002045 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-05-23 01:29 - 2018-05-23 01:29 - 000000000 ____D C:\Users\Owner\AppData\Local\FluxSoftware
2018-05-22 11:25 - 2018-06-14 08:37 - 000000000 ____D C:\Users\Owner\Desktop\Old Firefox Data
2018-05-19 15:26 - 2018-05-19 15:27 - 000000000 ____D C:\Users\Owner\Documents\Receipts
2018-05-19 12:11 - 2018-05-19 12:11 - 000000000 ____D C:\Users\Owner\AppData\Local\ESET
2018-05-19 12:09 - 2018-05-19 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-18 20:01 - 2018-05-18 20:01 - 000000000 ____D C:\Users\CompAdmin\AppData\Local\Google
2018-05-18 14:35 - 2018-05-17 22:12 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-14 09:07 - 2016-11-16 10:09 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2018-06-14 08:34 - 2017-10-09 13:55 - 000000300 _____ C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2018-06-13 16:52 - 2016-10-17 15:20 - 000000000 ____D C:\Users\Owner\Documents\Laughingbird Documents
2018-06-13 16:31 - 2016-02-12 14:45 - 000000000 ____D C:\Users\Owner\AppData\Roaming\CoreFTP
2018-06-13 10:19 - 2015-12-13 21:18 - 000000000 ____D C:\RFD
2018-06-13 04:49 - 2009-07-13 23:45 - 000031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-13 04:49 - 2009-07-13 23:45 - 000031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-13 04:48 - 2017-03-17 14:31 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-06-13 04:48 - 2015-12-05 14:37 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-13 04:46 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-13 04:46 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-06-13 04:41 - 2018-01-01 18:36 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-06-13 04:40 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-13 04:39 - 2015-12-05 13:23 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-12 14:00 - 2018-01-18 18:39 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-12 14:00 - 2018-01-18 18:39 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-09 08:37 - 2015-12-07 20:57 - 000000000 ____D C:\Users\Owner\Documents\Gardening
2018-06-09 07:26 - 2017-01-15 01:49 - 000000000 ____D C:\Users\Owner\Documents\Memes
2018-06-08 17:50 - 2015-12-07 21:02 - 000000000 ____D C:\Users\Owner\Documents\Personal
2018-06-08 17:45 - 2018-01-01 18:37 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update
2018-06-08 17:45 - 2017-10-25 21:24 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-08 14:44 - 2016-12-02 12:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-06-08 14:44 - 2014-07-18 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-08 14:42 - 2015-12-12 13:37 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-06-07 17:39 - 2017-11-15 01:27 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-06 19:50 - 2015-12-07 21:35 - 000000000 ____D C:\Users\Owner\Documents\Quotes
2018-06-02 17:45 - 2015-12-05 13:14 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-30 03:00 - 2014-07-18 12:55 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-05-23 17:00 - 2015-12-05 14:36 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-21 12:13 - 2015-12-07 20:59 - 000000000 ____D C:\Users\Owner\Documents\Herbs
2018-05-19 12:09 - 2018-03-20 20:20 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-18 23:31 - 2016-09-23 14:53 - 000000000 ____D C:\Users\Owner\Documents\1AWebsites
2018-05-18 20:05 - 2017-01-14 00:58 - 000000000 ____D C:\Users\CompAdmin\AppData\LocalLow\Mozilla
2018-05-18 20:03 - 2015-12-13 19:19 - 000000000 ____D C:\Users\CompAdmin\AppData\Roaming\Mozilla
2018-05-18 20:01 - 2017-01-14 00:57 - 000000000 ____D C:\Users\CompAdmin\AppData\Roaming\Apple Computer
2018-05-18 18:19 - 2017-09-11 18:10 - 000251032 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-18 14:36 - 2015-12-24 23:46 - 000001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2018-05-18 14:19 - 2015-12-07 20:57 - 000000000 ____D C:\Users\Owner\Documents\graphics
2018-05-18 14:08 - 2015-12-05 14:35 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-05-18 14:08 - 2014-07-18 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-18 14:07 - 2014-11-12 19:36 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-18 09:45 - 2015-12-12 13:35 - 000003498 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2018-05-17 22:12 - 2017-11-09 18:12 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-17 22:12 - 2015-12-05 14:37 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-17 22:11 - 2016-02-09 17:16 - 000640248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2018-05-17 22:11 - 2015-12-05 14:37 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-17 14:53 - 2018-01-18 18:38 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 14:53 - 2018-01-18 18:38 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-15 08:11 - 2015-12-12 13:21 - 000000000 ____D C:\Users\Owner\AppData\Local\Microsoft Help
==================== Files in the root of some directories =======
2017-04-04 08:37 - 2017-04-04 08:37 - 000003932 _____ () C:\Users\Owner\NewFolder.reg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-06-07 00:22
==================== End of FRST.txt ============================
This is Addition that came with FRST.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Owner (14-06-2018 09:12:29)
Running from C:\Users\Owner\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-07-18 17:41:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1769359704-1337508281-3947573860-500 - Administrator - Disabled)
CompAdmin (S-1-5-21-1769359704-1337508281-3947573860-1002 - Administrator - Enabled) => C:\Users\CompAdmin
Guest (S-1-5-21-1769359704-1337508281-3947573860-501 - Limited - Disabled)
Owner (S-1-5-21-1769359704-1337508281-3947573860-1000 - Administrator - Enabled) => C:\Users\Owner
Yodi (S-1-5-21-1769359704-1337508281-3947573860-1001 - Limited - Enabled) => C:\Users\Yodi
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AI RoboForm (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\AI RoboForm) (Version: - )
Amazon Kindle (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.4888 - AVAST Software)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 66.2.567.182 - AVAST Software)
BeCyPDFMetaEdit (HKLM-x32\...\BeCyPDFMetaEdit) (Version: 2.37.0 - Benjamin Bentmann)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12212.0 - Cisco Consumer Products LLC)
Colour Spy 1.5 (HKLM-x32\...\Colour Spy_is1) (Version: - SilverAge Software, Inc.)
Core FTP Pro (HKLM-x32\...\CoreFTP) (Version: - )
Core FTP Pro (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
Corel PaintShop Pro X4 (HKLM-x32\...\{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}) (Version: 14.3.0.3 - Corel Corporation) Hidden
doPDF (HKLM\...\{F64C7477-8040-4993-9554-EC22AE7FA2C0}) (Version: 8.9.951 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{3e04b5b8-dfc4-4bb3-99a1-a57ad01e1d55}) (Version: 8.9.951 - Softland)
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
f.lux (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Flux) (Version: - f.lux Software LLC)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.91 - Outertech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
ICA (HKLM-x32\...\{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IPM_PSP_COM (HKLM-x32\...\{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}) (Version: 14.0.0.332 - Corel Corporation) Hidden
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{9F60F614-829C-4DE0-8671-C977529A0CAE}) (Version: 8.9.951 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{C5275556-5365-45C5-9586-1F6D56CD4BB4}) (Version: 8.9.951 - Softland)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
PSPPContent (HKLM-x32\...\{006CAAEF-CA96-4181-AC22-FE56D61432E4}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{00D74A7A-F7AD-4D00-ABD2-0973836292C7}) (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{0015DE8E-8D9F-403E-8E5A-4098410E6125}) (Version: 14.0.0.332 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Setup (HKLM-x32\...\{00D13418-7DDF-4D3D-A237-E297B103BB6B}) (Version: 14.0.0.332 - Corel Corporation) Hidden
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stellarium 0.11.2 (HKLM-x32\...\Stellarium_is1) (Version: - )
SwordSearcher 4.1 Deluxe (HKLM-x32\...\{446E6F82-8899-447D-86EB-2399F453C858}) (Version: 4.1.1001 - Brandon Staggs)
The Character Creator Add On Pak v4 (HKLM-x32\...\The Character Creator Add On Pak) (Version: v4 - Laughingbird Software)
The Logo Creator v5 (HKLM-x32\...\The Logo Creator v5) (Version: - )
The Web Graphics Creator v3 (HKLM-x32\...\The Web Graphics Creator v3) (Version: - )
TimePassages (HKLM\...\{86498CF1-A12E-4132-9DC2-6093F7427C44}) (Version: 6.0.6 - AstroGraph Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Zoom (HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
ContextMenuHandlers2: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01DBCFCB-F230-4907-9D83-6AA9D35AC519} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {04E949FE-CD0F-42AB-A092-76D7F41B2CC0} - System32\Tasks\{F476F115-DA88-4842-BF3C-FA5C0011125C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Chami\HTML-Kit\Plugins\hkSetupPlus.exe" -d C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\yxf5nr0r.default-1449534959428 -c /hkpreg
Task: {05378750-80D6-4A76-AB25-26F2A98E6336} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2017-08-16] ()
Task: {0A24C88E-1494-4220-B6BF-F989D7F7A650} - System32\Tasks\Go to RoboForm Install page => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJIMKJNMKMGMGMJMCNMMGMPMGMCNLMHMKJIMCNHMHMKMPMCNHMKJLMKMOJMJJMOJKMJJLMJMJNJICMJMCNGMCNHMHMFMGMCNOMOMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMALIIBJKJNIJNKJCMJNNICMJNDJCMKJBJ"
Task: {129535C6-9C98-470A-9221-9EDD51FA8482} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-06-11] (AVAST Software)
Task: {29EAE298-6871-465F-BFCF-31EC6AFC560A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4B8D0910-1505-4952-B0E6-7A984E3A14DE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-12-12] (Siber Systems)
Task: {4BCF080B-A1F2-460F-BB01-3751162A0FD6} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13] (AVAST Software)
Task: {5DC58CD3-2FEE-46A7-ADA7-AA6A349CD151} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {7C0341C5-E113-43B2-93BE-A77A3DE0F6A0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-08] (AVAST Software)
Task: {84A9A09A-8B83-4C32-9684-36C80A1AA5A6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-17] (AVAST Software)
Task: {8824D666-AA70-4FB0-8F95-11B66BB6D2B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {8C06F927-2B3E-4908-9749-BF520540A0E6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-06-13] (AVAST Software)
Task: {A4F5C9D2-BF30-4157-B6A0-6FBF6969080D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-12] (Piriform Ltd)
Task: {AE01A8DE-72F8-45F7-AE17-A5A1EEA36026} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-12] (Piriform Ltd)
Task: {BFD5EBCB-C035-4B7B-8F6F-616F3C2EB7EA} - System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2009-01-26] (Safer Networking Limited)
Task: {CB9F60F3-21A7-4141-A9E9-753F7055C958} - System32\Tasks\{690B8524-1E2C-49C0-AFAE-16359EF3485A} => C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Documents\Products\LaughingBirdSoftware\LogoCreatorV3\WGC1_v3_Setup\WGC1_v3_Setup.exe -d C:\Users\Owner\Documents\Products\LaughingBirdSoftware\LogoCreatorV3\WGC1_v3_Setup
Task: {D2858E49-7CB5-481B-990C-7B9DD362EE80} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D6AB093D-C146-4371-8180-A6FC1D65EADF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-18] (Google Inc.)
Task: {DBECF677-CDAC-4BEF-A26F-D7DC51583562} - System32\Tasks\{6F2BD83F-63BD-4FFD-9FC4-D2227EB8B811} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Task: {E5662D04-B3B9-412D-8547-FEA3B6CFB4B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-16] (Adobe Systems Incorporated)
Task: {F3CCE017-D338-4F4A-8923-58A2FE611EA1} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26] (Safer Networking Limited)
Task: {F41ECE15-265F-41FC-A8E9-8E69005CDEA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F7B83AE3-847D-4395-9809-37E50BC90CA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-18] (Google Inc.)
Task: {F8F9CE67-FCD4-4546-A0AD-5248356577FD} - System32\Tasks\{D5FE86F6-DD5B-4899-B7F6-347BD231CBC8} => C:\Windows\system32\pcalua.exe -a E:\AutoRunPro.exe -d E:\
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-12-05 13:23 - 2015-10-13 12:26 - 000125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-08 08:04 - 2018-04-08 08:04 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-04-08 08:04 - 2018-04-08 08:04 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-17 22:12 - 2018-05-17 22:12 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-13 08:44 - 2018-06-13 08:44 - 005839504 _____ () C:\Program Files\AVAST Software\Avast\defs\18061302\algo.dll
2018-03-08 18:48 - 2018-03-08 18:48 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-17 22:11 - 2018-05-17 22:11 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2018-06-14 08:34 - 000454428 ____R C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1769359704-1337508281-3947573860-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1769359704-1337508281-3947573860-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Yodi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1769359704-1337508281-3947573860-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\CompAdmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.254 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6614473A-4294-47B0-9E72-E30BC34B467C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A1E5153-E4CF-46CD-9514-8A5F89735CE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EECDD92A-BE36-4220-A350-1D13AF53A5B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AF2E9FF9-9E55-4FA3-8B6F-B77B18E779D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{454C2350-8C8F-46ED-A3EA-4B88A6C42634}] => (Allow) LPort=8501
FirewallRules: [{E9A238A4-E297-4272-8326-EB9D7574919F}] => (Allow) LPort=8501
FirewallRules: [{97C5FF8C-C541-4A34-B589-DDD1C14F1A54}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{BA9C0542-3115-4648-96A2-80E4989FAF77}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{5CBBF24A-C064-4A46-8D63-0A80FAF758E4}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{E861EFF1-A1F3-4885-8061-308C3177226F}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{D89E41BA-4CF3-41C1-B91D-E2964BC46496}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{784F969B-3BC5-469C-84D3-E7356BDEA5D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9ED137DB-1637-4448-9E49-D706B894BD28}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{843BEACA-E1A2-4941-96D3-DEE5F8E23150}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{112AA840-F81D-463E-AD20-F79EDFBA3BE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E281E9EE-F72C-4BA2-90A0-7C5A2571B6E6}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
==================== Restore Points =========================
28-05-2018 00:00:02 Scheduled Checkpoint
04-06-2018 00:00:04 Scheduled Checkpoint
11-06-2018 00:18:08 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/14/2018 08:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 07:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 06:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 05:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 04:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 03:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 02:46:18 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
Error: (06/14/2018 01:46:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
System errors:
=============
Error: (06/13/2018 04:40:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger
Error: (06/13/2018 04:39:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:36:30 AM on 6/13/2018 was unexpected.
Error: (06/08/2018 05:36:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger
Error: (06/08/2018 05:35:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:34:26 PM on 6/8/2018 was unexpected.
Error: (06/08/2018 02:44:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UsbCharger
Error: (06/08/2018 02:43:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
Error: (06/07/2018 05:45:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/07/2018 05:40:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
CodeIntegrity:
===================================
Date: 2018-06-05 22:18:22.740
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-05 22:18:22.581
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-05 22:18:22.423
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-05 22:18:22.248
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5\bcrypt.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:30.322
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:30.176
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:30.029
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
Date: 2018-06-01 16:35:29.881
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 32%
Total physical RAM: 8158.67 MB
Available physical RAM: 5533.5 MB
Total Virtual: 16315.52 MB
Available Virtual: 13537.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1862.92 GB) (Free:1544.76 GB) NTFS
Drive d: () (Fixed) (Total:596.17 GB) (Free:365.06 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{d8f78e62-0eb1-11e4-95a2-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5409BCEB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2018-06-14 09:16:12
-----------------------------
09:16:12.109 OS Version: Windows x64 6.1.7601 Service Pack 1
09:16:12.109 Number of processors: 6 586 0x200
09:16:12.124 ComputerName: OWNER-PC446 UserName: Owner
09:16:13.731 Initialize success
09:16:13.762 VM: initialized successfully
09:16:13.762 VM: Amd CPU supported virtualized
09:16:21.874 AVAST engine defs: 18061302
09:16:43.980 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
09:16:43.980 Disk 0 Vendor: WDC_WD20 01.0 Size: 1907729MB BusType: 11
09:16:43.980 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
09:16:43.980 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 11
09:16:44.089 Disk 0 MBR read successfully
09:16:44.104 Disk 0 MBR scan
09:16:44.120 Disk 0 Windows 7 default MBR code
09:16:44.136 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:16:44.151 Disk 0 default boot code
09:16:44.151 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907626 MB offset 206848
09:16:44.151 Disk 0 scanning C:\Windows\system32\drivers
09:16:54.135 Service scanning
09:17:07.582 Modules scanning
09:17:07.582 Disk 0 trace - called modules:
09:17:07.614 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
09:17:07.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e93060]
09:17:07.614 3 CLASSPNP.SYS[fffff880019a243f] -> nt!IofCallDriver -> [0xfffffa8006e29ac0]
09:17:07.629 5 amd_xata.sys[fffff88001139d00] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8006e078b0]
09:17:09.174 AVAST engine scan C:\Windows
09:17:11.763 AVAST engine scan C:\Windows\system32
09:18:52.248 AVAST engine scan C:\Windows\system32\drivers
09:19:01.845 AVAST engine scan C:\Users\Owner
09:35:19.225 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
09:35:19.225 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"